Security Operations Engineer

Career Berry


Update day: 07-05-2024

Location: Nuneaton West Midlands

Category: IT - Software

Industry: Human Resources

Position: Entry level

Job type: Full-time


Job content

Holland and Barrett is building a Cyber Security capability to ensure a coordinated response to increasing cyber security threats, to enable risk-based decisions to be made consistently across the organisation, and to establish sustainable security capabilities that are integrated with the business. This role is a mid-level position in the Security Operations Centre covering security monitoring; security incident investigation and response; SIEM platform implementation; assisting with tool selection for the SOC; and threat intelligence.

Be a key member of the Security Operations Centre team, supporting the protection of H&B, its assets and its reputation, and preventing losses due to breaches

Help embed real-time logs and various external feeds to monitor our key assets (e.g. website, mobile apps, cloud and on-premise assets)

Ensure SOC services are set up and delivered according to agreed Service Level Agreements

Contribute to the overall information security strategy

Drive the evolution of the SOC ("Detect", "Respond" and "Recover") capabilities

Support the implementation of various services related to an efficient cyber security operation

Ensure high service quality to business functions and other stakeholders

Provide high-quality, prioritised and up-to-date information about the evolution of security threats that are relevant to H&B

Contribute to the year-on-year improvement of the Security Operations Centre's capabilities, adapting to the evolution of cyber threats to ensure a high level of protection for H&B information and assets

Actively support the senior security leadership team

The Person

We’d Love To Meet Someone With

Experience working in an internal Security Operations Centre, continually improving their security knowledge and awareness, and walking through newly deployed security solutions to bring them into operational use.

In-depth understanding of Microsoft and AWS cloud environments with proven experience deploying and maintaining security solutions for an operational team.

Experience leading and securing cloud environments, following and executing on strategic direction

Excellent problem-solving skills – evidence of demonstrating innovative and methodical thinking.

Strong experience reading and consuming security operational alerts and logs (third-party and cloud-native), as well as programming, scripting and query languages (e.g. PowerShell, PowerApps, KQL) to automate tasks and enable security at speed and scale.

The scope of the role covers security incident response and investigations, security monitoring, threat intelligence, and SOC platform engineering and support, and the role plays an important part in the smooth running of these services.

The Sec Ops Engineer Will

Work closely with the Security Operations Management Team to ensure all areas of SOC are aligned

Be a key player in setting up the SOC and maintain oversight of the lifecycle of in-scope technology that supports the SOC's services

Prevent attacks through knowledge and expertise in databases, networks, hardware, firewalls and encryption

Monitor all H&B technologies, data assets and services

Detect threats using analyst knowledge as well as automated events generated from various services

Own incident investigations and drive swift resolution, depending on the risk and priority of the incident

Perform root cause analysis of incidents and improve response processes

Support automation of incident runbooks/playbooks

Key Skills And Experience

3 years' experience in Information and Cyber Security gained in a Security Operations Centre

Demonstrate progression and development through L1, L2 and L3 positions

Demonstrate experience with SIEM tools and technologies

Good understanding of network and cloud architecture and corresponding security controls

Demonstrate an understanding of defence-in-depth security from an IT perspective

Experience in end-to-end information security incident management, and in mitigating and addressing threat vectors including Advanced Persistent Threats (APTs), Distributed Denial of Service (DDoS), phishing, malicious payloads, malware, etc.

Demonstrate threat hunting techniques

Experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application Firewalls, firewall logs, system logs, web logs, and other application and event logs

Good experience of working in cloud environments such as AWS, Azure and M365, and with SaaS applications

Experience building threat-based detection use cases using frameworks such as MITRE ATT&CK

Log carving and log investigation

Open-source dependency scanning

Bachelor's degree in Computer Science, Engineering, or a related field

Information Security and/or Information Technology industry certification (CISSP, CISA, CISM, GIAC, SANS SEC401 or equivalent is a strong plus)

Other Skills

Understanding of security threats, attack scenarios, intrusion detection and incident management.

Strong facilitation, negotiation and conflict resolution skills.

Ability to deal with ambiguity and to keep a cool head in a crisis or stressful situation

Strong analytical skills

Deadline: 21-06-2024
